diff --git a/jobs/uaa/spec b/jobs/uaa/spec index 9a63214b6..3fb9ab5b7 100644 --- a/jobs/uaa/spec +++ b/jobs/uaa/spec @@ -448,6 +448,9 @@ properties: the alias). Note that existing entities with an alias will not be removed when deactivating the flag. Instead, the creation, update and deletion of identity providers and users with an alias is prohibited. default: false + login.checkOriginEnabled: + description: "This flag enables the origin check in SCIM. Otherwise, the assignments of users to an origin are not validated." + default: false # Email login.notifications.url: diff --git a/jobs/uaa/templates/config/uaa.yml.erb b/jobs/uaa/templates/config/uaa.yml.erb index d0017036e..da64e900c 100644 --- a/jobs/uaa/templates/config/uaa.yml.erb +++ b/jobs/uaa/templates/config/uaa.yml.erb @@ -671,6 +671,7 @@ 'idpDiscoveryEnabled' => p('login.idpDiscoveryEnabled'), 'accountChooserEnabled' => p('login.accountChooserEnabled'), 'aliasEntitiesEnabled' => p('login.aliasEntitiesEnabled'), + 'checkOriginEnabled' => p('login.checkOriginEnabled'), 'entityBaseURL' => login_entityBaseUrl, 'entityID' => login_entityId, 'prompt' => { diff --git a/spec/compare/all-properties-set-uaa.yml b/spec/compare/all-properties-set-uaa.yml index f653ab13f..3380cf54d 100644 --- a/spec/compare/all-properties-set-uaa.yml +++ b/spec/compare/all-properties-set-uaa.yml @@ -347,6 +347,7 @@ login: idpDiscoveryEnabled: true accountChooserEnabled: true aliasEntitiesEnabled: true + checkOriginEnabled: true entityBaseURL: http://all-properties-set:8888/uaa entityID: all-properties-set:8888/uaa prompt: diff --git a/spec/compare/bosh-lite-uaa.yml b/spec/compare/bosh-lite-uaa.yml index f44d3ac0f..fc3644f3c 100644 --- a/spec/compare/bosh-lite-uaa.yml +++ b/spec/compare/bosh-lite-uaa.yml @@ -265,6 +265,7 @@ login: idpDiscoveryEnabled: false accountChooserEnabled: false aliasEntitiesEnabled: false + checkOriginEnabled: false entityBaseURL: https://login.bosh-lite.com entityID: login.bosh-lite.com prompt: 
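Review bot: In jobs/uaa/spec the new `login.checkOriginEnabled` property defaults to `false`, and by its own description that leaves the assignment of users to an origin unvalidated in SCIM, so any deployment that does not set the flag runs without the check. The description also does not say what the origin is checked against or why the check is opt-in (presumably compatibility with existing SCIM clients, which this diff does not show). I would spell out the consequence, for example `description: "Enables the origin check in SCIM. When false (the default), the origin a user is assigned to is not validated."`, and record whether the default is meant to become `true` later. The `properties:` mapping starts and ends outside the hunk.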
diff --git a/spec/compare/deprecated-properties-still-work-uaa.yml b/spec/compare/deprecated-properties-still-work-uaa.yml
index 98fac4152..a5ab65a09 100644
--- a/spec/compare/deprecated-properties-still-work-uaa.yml
+++ b/spec/compare/deprecated-properties-still-work-uaa.yml
@@ -219,6 +219,7 @@ login:
 idpDiscoveryEnabled: false
 accountChooserEnabled: false
 aliasEntitiesEnabled: false
+ checkOriginEnabled: false
 entityBaseURL: http://test.uaa.url
 entityID: test.uaa.url
 prompt:
diff --git a/spec/compare/test-defaults-uaa.yml b/spec/compare/test-defaults-uaa.yml
index f3b2557d1..b7c1cc105 100644
--- a/spec/compare/test-defaults-uaa.yml
+++ b/spec/compare/test-defaults-uaa.yml
@@ -170,6 +170,7 @@ login:
 idpDiscoveryEnabled: false
 accountChooserEnabled: false
 aliasEntitiesEnabled: false
+ checkOriginEnabled: false
 entityBaseURL: http://test.uaa.url
 entityID: test.uaa.url
 prompt:
diff --git a/spec/input/all-properties-set.yml b/spec/input/all-properties-set.yml
index 19aae7b56..f0a0a53cd 100644
--- a/spec/input/all-properties-set.yml
+++ b/spec/input/all-properties-set.yml
@@ -39,6 +39,7 @@ properties:
 idpDiscoveryEnabled: true
 accountChooserEnabled: true
 aliasEntitiesEnabled: true
+ checkOriginEnabled: true
 links:
 global:
 passwd: "https://{zone.subdomain}.myaccountmanager.domain.com/z/{zone.id}/forgot_password"